Pay To Win: Algorithmic Incentive Manipulation Attacks on Permissionless Cryptocurrencies

Abstract

Nakamoto consensus (NC) lies at the foundation of the prevalent permissionless cryptocurrency design. The exact rules differ from system to system, but each variant requires proof that a certain amount of resources was invested in proposing a new system state. These resources, for example, could be computation and energy, as in Proof-of-Work (PoW), or a certain amount of cryptocurrency units, as in Proof-of-Stake (PoS). To incentivize participation, prevalent permissionless cryptocurrencies issue rewards in the form of native currency units. A key question in this regard is how to incentivize the honest behavior of participants. Although cryptocurrencies have been a prominent research object in recent years, the security guarantees of the underlying constructions still contain blind spots and unanswered questions. One of these questions is the security of such systems against attacks which promise automatically claimable rewards, that are algorithmically assured, for provable attacker-desired actions of participants. In this thesis, we summarize related attacks targeting the incentives of participants under a new attack category termed algorithmic incentive manipulation (AIM). AIM programmatically offers rewards, or issues threats, which change the incentives of economically rational players. Thereby, an attacker can increase the chance that the targeted system reaches a favored state. Depending on the motives, this state must not necessarily be profitable for the attacker. However, if the desired state leads to profits for the attacker, shares of this profit can be used in algorithmically enforceable side payments for the colluding players of the attack. In other words, the attacker pays to win.It is well known in game theory that collusion and side payments pose severe challenges to mechanism design. However, the extent of the problem with regard to permissionless cryptocurrencies is not conclusively understood yet. This thesis lays the necessary ground-work for a better understanding: It describes the problem, systematizes related attacks, provides new attacks (including a proof-of-concept), evaluates the success probability and profitability, and proves that it is not possible for permissionless cryptocurrencies based on NC to prevent AIM by technical means alone. In a world where multiple cryptocurrencies co-exist and can be cryptographically interlinked, the availability of other (external) cryptocurrency resources participants care about is a plausible assumption. This requires us to reconsider the achievable economic security guarantees of permissionless cryptocurrencies and certain design decisions which amplify the problem.